The more you know about the likely avenues of cybercrime attack, the better you can protect yourself against them, says Alan Calder.

There is never a time for complacency in information security. All users remain under the permanent threat of cybercrime, so the most important thing is to know your enemy. If you do, you greatly increase the strength of your protection. Here are the main information security threats right now.

I expect a sharp rise in this mode of entry by cybercriminals. Apart from practising good website security, such as regular application of all relevant patches, it is a good idea to have a basic understanding of common hacking techniques, such as SQL injection and cross-site scripting.

2. Sophisticated phishing and pharming

Fake emails and scams for money from 'banks' or 'HMRC' have become increasingly difficult to tell from the real thing. There is a clear rise in interest among criminals in online identity theft.

Antivirus software and spyware removal software cannot protect against these attacks single-handedly. Effort must go into user education in this area to cut exposure to risk.

4. Social media attacks

There has been an increase in social media attacks, exploiting inadequate password security and insecure free apps. The security settings for personal and sensitive data on social networking sites are not transparent, meaning individuals are not always aware of how much personal information is accessible to possibly undesirable third parties.

6. Theft of credit-card details

Perhaps only five percent of e-commerce websites are PCI DSS-secure. The payment card industry is seeing frightening increases in the hacking of merchant security systems to obtain card data, particularly with merchants that accept cardholder information over the internet.

One example is the exploitation of IP-based telephone systems to perform 'vishing' campaigns. In vishing, calls are made from a compromised phone system that appears to the receiver to be a trusted source, enticing the receiver to divulge confidential information.

8. Increased outsourcing

Many companies — large and small — have turned to outsourcing services as a cost-saving strategy but, consequently, large amounts of sensitive data, including customer and employee personal information, are being shared with outside vendors.

It is imperative that any partner of yours or of your business that has access to sensitive customer information deploys adequate safeguards to protect that information.

10. Complacency

You can have all the latest technology to secure your internet perimeter but if your employees are not trained in how to follow and enforce your security policies, you may not be prepared to stop an enemy walking in the front door to gain access to your data.

Compared with many of the investments made by organisations, data protection compliance comes at a bargain price. Any organisation not addressing information security with a formal compliance regime is not only risking financial penalties; if you let your customers down, your very survival will be on the line.

Alan Calder is chief executive of security and compliance organisation IT Governance.